CVEbaza.plCWE DictionaryCWE-450
Common Weakness Enumeration

CWE-450

Multiple Interpretations of UI Input

Category: BaseCVE: 3
Description

The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.

CVE vulnerabilities with CWE-450 (3)
8.4
CVSS
HIGH
CVE-2024-25858

In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.

pub. 2024-03-05
4.3
CVSS
MEDIUM
CVE-2022-20863

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks.

pub. 2022-09-08
4.3
CVSS
MEDIUM
CVE-2021-1242

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks.

pub. 2021-01-13
Information
ID: CWE-450
Type: Base
Vulnerabilities: 3
MITRE CWE ↗
← CWE Dictionary
CWE-450 — Multiple Interpretations of UI Input | CWE Dictionary | CVEbaza.pl